Wireless Linux: Putting Wireless to Work

04/11/2002

In the first
article in this series we talked about the buzz around wireless networking. In
the intervening time, the wireless network buzz has only grown louder with the
release of actual hardware that implements the IEEE 802.11a 54Mbps
standard, which is more than five times as fast as the current flavor 802.11b.

Whatís the State of Linux Wireless Networks?

Wireless networks are even more in the news than when
Part I of this series was written -- for both good and bad reasons. The good is that there are even more
choices in wireless networking and the 72Mbps turbo-version of standard 802.11a is finally
available from a number of vendors; the bad is that several new security
vulnerabilities have been discovered in the WEP (Wired Equivalent Privacy)
standard built into all 802.11x wireless cards. This isnít a fatal flaw, but it is making life a lot more "interesting" for those wishing to deploy wireless networks -- a lot more planning must be done to "get it right."

For Linux specifically thereís been nothing but good news:
every modern Linux distribution that supports PCMCIA cards can now use wireless
cards from almost any vendor. This
is easier than youíd think since there are only three or four kinds of PCMCIA controller
chipsets being used by the majority of vendors. Itís as easy as
going to your local CompUSA and dropping $100 for a card and youíre on the
air. Even desktop systems can
support PCMCIA cards with the addition of a single- or double-card controller.

On the access point side of things there are more choices
too; there are dozens of vendors marketing access points and the prices
typically are in the $200-$350 range. The only hitch is finding an access point you can manage from a Linux system.

Linux and Wireless Infrastructures

One of the most amazing things about Linux from an
infrastructure perspective is the depth and breadth of networking systems and
facilities it supports right out of the box. From AppleTalk to TCP/IP and PPP to wireless NIC cards, itís
all there to slice and dice anyway that works for your particular networking
needs.

Of course, just because Linux can participate in a network doesnít necessarily mean it can be used to manage that network. Up until recently this was very true
for wireless networking, but not anymore.

Managing Access Points

One of the inherent problems in using a lot of mass market
devices like 802.11x access points is the fact that although some manufacturers
have gotten hip to Linux as a client (usually because there are Linux advocates
who have put in the time to port the drivers), they more often than not donít
support Linux as a device capable of managing their access point hardware.

Often this is a simple business
decision -- it costs money to develop management applications. And Linux as a
desktop system doesnít (yet)
command the marketing numbers that Windows boxes do. However, all is not lost, because several of the most popular
access point management applications have been developed that let you do all
the things you can do with the vendorís own tools.

One of the best-supported access points is also one of the
first that was available: the Apple AirPort. Apple was one of the first vendors out of the gate with a
wildly popular product that is so simple to install and operate that if you
have a DHCP server on your network (and youíre running an "open" network sans
encryption) you can just turn it on and plug it into your network with
absolutely no further setup (youíll have an "open" network with no encryption
turned on, but thatís why there are configuration tools).

Other vendors that can be configured and easily managed with
Linux include access points from LinkSys, Agere/Orinoco, and SMC.

Iím partial to the Apple AirPort and have a few of them, so
the management tool shown here will pertain to it. I believe the AirPort Configuration shown here will also work with the Agere/Orinoco RG1000, which is basically the same device in
different packaging and uses the same MIB.

A really nice tool to manage AirPort Access Points is "AirPort Config," by Jon Sevy at Drexel University. The screen shots shown here
are both version 1.5 and 2.0. The 1.5 version works with the older
"Graphite" version of AirPort, and the 2.0 version works with the recently introduced
"snow" AirPorts that have 128-bit encryption and a number of other new
features.

One of the nicest aspects of this program (besides that it
runs on Linux) is that itís a Java program so it can run basically anywhere,
even on handheld platforms like the Sharp Zaurus or the Compaq iPAQ.

Like Appleís own AirPort utility, Sevyís program allows you
to "discover" access points, as shown in Figure 1. Here itís found the two base
stations in my office.

Figure 1.

Once youíve discovered the
available access points, you can use the tool to connect to it and administer
its settings. In this example
(Figure 2), weíve connected to the base station and can then select from a number
of different aspects of the device that can be configured. It seems pretty amazing that these
little devices contain so much configurable information until you realize
that theyíre basically little real-time, Unix-like boxes. The original "graphite" Apple AirPort
was based on a KarlBridge wireless router, while the new "snow" version is reportedly
based on VxWorks from Wind River Systems.

Figure 2.

One of the most important
configurable portions of the Apple AirPort, as well as any other wireless
access point, is the ability to control exactly who can connect to and use the
bandwidth. The AirPort, like
others, does this by controlling what MAC addresses can connect. Here (Figure 3) in Sevyís
configurator, you can enter a list
of MAC addresses and, optionally,
a tag to remind you of who has what card.

Figure 3.

Of course, there are a lot more
things to configure, including the most important one if you want a way to
give yourself and the users of your network a modicum of privacy -- encryption settings for the device. (Yes, WEP can be broken, but for
casual, non-monetary transactions it can suffice until more secure firmware
is available later this year.)

Of course, even with this
link-layer encryption, thereís still a lot more work required if youíre going
to deploy and manage larger wireless infrastructures. Weíll get into making
wireless networks more secure regardless of WEP in the next article.

Other Tools

Unfortunately, there are not a lot
of other open source tools available for configuring access points. One of the ways to handle the situation
if your access point isnít directly configurable from Linux is to run the
configuration tools supplied by the vendor under an emulator such as VMware,
Wine, or Bochs. But this can be
disappointing if you are looking for a Linux-compatible solution and may introduce other problems, depending on how tightly the configuration tools are tied to
the underlying hardware.

In the resources section below are links to a number of
the other access point configuration tools available on the Internet.

In the Next Articles

Next time in this Linux in the Enterprise series on Wireless Networking, we delve into strategies you can use to build
wireless infrastructures and make wireless networking more secure from the
laptop/handheld side of things. Weíll also help to make sure that wireless devices
canít compromise your network infrastructure.